June 22, 2016 | By Rick M Robinson

Once upon a time, a few years ago, e-commerce was a separate world from brick-and-mortar retail. So was e-commerce security. Now the lines are blurring: Not only do traditional brick-and-mortar stores have more e-commerce operations, but a growing number of online retailers are branching out into storefront operations as well.

Mobile devices further blur the lines, allowing online transactions to happen literally in front of the store window. Indeed, even individual transactions can be blended, with buyers making a purchase online and then going into a store to pick up the purchase.

Even as storefront and online retail come together, each poses its own distinct cybersecurity challenges — one size does not fit all. Businesses with both storefront and e-commerce operations, which now include most retailers, need cybersecurity strategies in place to handle brick-and-mortar cybersecurity as well as e-commerce security.

Two Sides of One Street

Some aspects of retail cybercrime are equal-opportunity threats to both storefront and online operations. Broadly speaking, these threats converge and become similar at the back end.

For example, whatever their mix of online and storefront transactions, all retailers depend on the security and integrity of their customer account records. Breaches of these databases, which can compromise millions of customers’ financial data, are a leading risk to all retailers. The back-end protective measures needed to secure this information are not transaction-dependent.

On the other hand, as Sara Peters noted at Dark Reading, storefront retail poses some distinct security challenges. Point-of-sale (POS) malware increased 66 percent in the last quarter of 2015 alone, for example.

While payment system downtime is bad for any organization, the effects may be particularly crippling for in-store or mobile retail. If people shopping from home cannot complete a transaction on their favorite retail website, they may simply blame the internet and try again some other time. But if they go into a store and cannot complete a purchase, the experience is much more aggravating. There they are, looking at the merchandise they want, and yet they still can’t buy it.

Threats in a Fragmented World

The bustle of storefront retail adds further challenges. Sales clerks are busy answering questions and providing assistance at the same time that they are processing payments, increasing the chance of small but costly mistakes.

Moreover, brick-and-mortar retailers must guard against cyberthreats such as POS fraud while defending against traditional storefront threats such as shoplifting. Retail clerks now need three pairs of eyes to tend to customers, avoid traditional retail threats and guard against cyberthreats.

As online retailers expand into the storefront, they — like their brick-and-mortar counterparts who are moving online — are discovering the need to securely handle business in what Information Age characterized as “an omnichannel environment.” This includes challenges that have no exact equivalent in pure online retail, where transactions go through a web portal on the front end, while physical fulfillment is handled in a warehouse.

The special demands of protecting brick-and-mortar retail against cyberthreats can be summed up as the challenge of fragmentation. E-commerce can happen anywhere and everywhere, but e-commerce security is centralized. Transactions all pass through a web presence, and their fulfillment is handled from a warehouse. In contrast, every individual storefront provides its own opportunity for cyberthreats to slip past defenses and carry out an attack.

E-commerce Security Gets Complicated

Protecting a customer database against compromise is absolutely crucial for all retailers — large or small, brick-and-mortar or online. But retailers with physical operations need to be aware that those storefronts, for all their advantages, also pose distinct risks that require their own specialized security protections.
